PT-2026-25447 · Npm · Openclaw
Published 2026-03-03 · Updated 2026-03-03
None
No severity ratings or metrics are available. When they become available, we will update the corresponding information on this page.
Summary
In OpenClaw's system.run allowlist mode, shell-wrapper analysis could be bypassed by splitting a command substitution as $ + line continuation (backslash followed by newline) + ( inside double quotes. The analysis treated the payload as allowlisted (for example /bin/echo), while the shell runtime folded the line continuation back into $(...) and executed non-allowlisted subcommands.

Affected Packages / Versions
- Package: npm openclaw
- Latest published affected version: 2026.2.21-2
- Affected range: <=2026.2.21-2
- Patched version (planned next release): 2026.2.22
Impact
In deployments that opt into tools.exec.security=allowlist (with tools.exec.ask set to on-miss or off), this can bypass approval boundaries and lead to unintended command execution.

Fix Commit(s)
3f0b9dbb36c86e308267924c0d3d4a4e1fc4d1e9
Remediation
- Upgrade to 2026.2.22 (or newer) when published.
- Temporary mitigation: set tools.exec.ask=always or tools.exec.security=deny.
Release Process Note
The patched version is pre-set to the planned next release, 2026.2.22. Once the npm release is out, this advisory should be ready for direct publication without further metadata edits.

OpenClaw thanks @tdjackey for reporting.
OS Command Injection
Incorrect Authorization
Related identifiers
Affected products
Openclaw